Ownership check missing when updating or deleting attachments
👉 https://hackerone.com/reports/1579820
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 5:50pm (UTC)
👉 https://hackerone.com/reports/1579820
🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 5:50pm (UTC)
Privilege escalation possible in dovecot when similar passdbs are used
👉 https://hackerone.com/reports/1561579
🔹 Severity: Medium | 💰 900 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #julezman
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 10:41pm (UTC)
👉 https://hackerone.com/reports/1561579
🔹 Severity: Medium | 💰 900 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #julezman
🔹 State: 🟢 Resolved
🔹 Disclosed: July 6, 2022, 10:41pm (UTC)
Stack Buffer Overflow via `gmp_sprintf`in `BLSSignature` and `BLSSigShare`
👉 https://hackerone.com/reports/1546935
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: SKALE Network
🔹 Reported By: #voiddy
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 12:17am (UTC)
👉 https://hackerone.com/reports/1546935
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: SKALE Network
🔹 Reported By: #voiddy
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 12:17am (UTC)
Remote denial of service in HyperLedger Fabric
👉 https://hackerone.com/reports/1604951
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #fatal0
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:55am (UTC)
👉 https://hackerone.com/reports/1604951
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #fatal0
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:55am (UTC)
Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.
👉 https://hackerone.com/reports/1465277
🔹 Severity: No Rating
🔹 Reported To: Omise
🔹 Reported By: #sachinrajput
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 4:35pm (UTC)
👉 https://hackerone.com/reports/1465277
🔹 Severity: No Rating
🔹 Reported To: Omise
🔹 Reported By: #sachinrajput
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 4:35pm (UTC)
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
👉 https://hackerone.com/reports/1501679
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
👉 https://hackerone.com/reports/1501679
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due To Improper Delimiting of Header Fields
👉 https://hackerone.com/reports/1524692
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
👉 https://hackerone.com/reports/1524692
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
👉 https://hackerone.com/reports/1524555
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:28pm (UTC)
👉 https://hackerone.com/reports/1524555
🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:28pm (UTC)
Clickjacking Vulnerability In Whole Page Ads Tiktok
👉 https://hackerone.com/reports/1418857
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #rioncool22
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:18pm (UTC)
👉 https://hackerone.com/reports/1418857
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #rioncool22
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:18pm (UTC)
Exposed valid AWS, Mysql, Sendgrid and other secrets
👉 https://hackerone.com/reports/1580567
🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #mehdisadir
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 3:48pm (UTC)
👉 https://hackerone.com/reports/1580567
🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #mehdisadir
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 3:48pm (UTC)
Open Redirect through POST Request in www.redditinc.com
👉 https://hackerone.com/reports/1310230
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #kratul
🔹 State: ⚪️ Informative
🔹 Disclosed: July 8, 2022, 7:02pm (UTC)
👉 https://hackerone.com/reports/1310230
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #kratul
🔹 State: ⚪️ Informative
🔹 Disclosed: July 8, 2022, 7:02pm (UTC)
Unauthorized packages modification or secrets exfiltration via GitHub actions
👉 https://hackerone.com/reports/1548870
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #dusty_wormwood
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 7:51pm (UTC)
👉 https://hackerone.com/reports/1548870
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #dusty_wormwood
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 7:51pm (UTC)
👍1
Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7]
👉 https://hackerone.com/reports/1595281
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:39pm (UTC)
👉 https://hackerone.com/reports/1595281
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:39pm (UTC)
Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]
👉 https://hackerone.com/reports/1595290
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:45pm (UTC)
👉 https://hackerone.com/reports/1595290
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:45pm (UTC)
👍1
Read beyond bounds in mod_isapi.c [zhbug_httpd_41]
👉 https://hackerone.com/reports/1595296
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:50pm (UTC)
👉 https://hackerone.com/reports/1595296
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:50pm (UTC)
Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]
👉 https://hackerone.com/reports/1595299
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:54pm (UTC)
👉 https://hackerone.com/reports/1595299
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:54pm (UTC)
Apache HTTP Server: mod_proxy_ajp: Possible request smuggling
👉 https://hackerone.com/reports/1594627
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ricterz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 7:25pm (UTC)
👉 https://hackerone.com/reports/1594627
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ricterz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 7:25pm (UTC)
DoS via lua_read_body() [zhbug_httpd_94]
👉 https://hackerone.com/reports/1596252
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 8:19pm (UTC)
👉 https://hackerone.com/reports/1596252
🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 8:19pm (UTC)
Blind SSRF at packagist.maximum.nl
👉 https://hackerone.com/reports/1538056
🔹 Severity: No Rating | 💰 75 USD
🔹 Reported To: Radancy
🔹 Reported By: #dk4trin
🔹 State: 🟢 Resolved
🔹 Disclosed: July 10, 2022, 12:38pm (UTC)
👉 https://hackerone.com/reports/1538056
🔹 Severity: No Rating | 💰 75 USD
🔹 Reported To: Radancy
🔹 Reported By: #dk4trin
🔹 State: 🟢 Resolved
🔹 Disclosed: July 10, 2022, 12:38pm (UTC)
Homograph attack bypass cause redirection
👉 https://hackerone.com/reports/1285245
🔹 Severity: No Rating | 💰 50 USD
🔹 Reported To: Vanilla
🔹 Reported By: #malek
🔹 State: 🟢 Resolved
🔹 Disclosed: July 10, 2022, 9:38pm (UTC)
👉 https://hackerone.com/reports/1285245
🔹 Severity: No Rating | 💰 50 USD
🔹 Reported To: Vanilla
🔹 Reported By: #malek
🔹 State: 🟢 Resolved
🔹 Disclosed: July 10, 2022, 9:38pm (UTC)
Server Side Template Injection on Name parameter during Sign Up process
👉 https://hackerone.com/reports/1104349
🔹 Severity: High
🔹 Reported To: Glovo
🔹 Reported By: #battle_angel
🔹 State: 🟢 Resolved
🔹 Disclosed: July 11, 2022, 8:42am (UTC)
👉 https://hackerone.com/reports/1104349
🔹 Severity: High
🔹 Reported To: Glovo
🔹 Reported By: #battle_angel
🔹 State: 🟢 Resolved
🔹 Disclosed: July 11, 2022, 8:42am (UTC)